CVE-2021-1618
Cisco Intersight Virtual Appliance Vulnerabilities
- Public Exploits: 0
- Exploited in Wild: -
Descriptions
Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection attack on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to do one or both of the following:
- Execute a command using crafted input
- Upload a file that has been altered using path traversal techniques
A successful exploit could allow the attacker to read and write arbitrary files or execute arbitrary commands as root on an affected system. For more information about these vulnerabilities, see the Details section of this advisory.
CVSS Scores
SSVC
- Decision: Track*
Timeline
- 2020-11-13 CVE Reserved
- 2021-07-22 CVE Published
- 2023-03-07 EPSS Updated
- 2024-11-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-36: Absolute Path Traversal
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsi2-dtcinj-yH5U4RSx | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Cisco | Intersight Virtual Appliance | < 1.0.9-292 | - | Affected |